package team.scau.laboratory_repair.config;

import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.LogoutFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import team.scau.laboratory_repair.common.shiro.AdminUserRealm;
import team.scau.laboratory_repair.common.shiro.WechatUserRealm;
import team.scau.laboratory_repair.common.shiro.UserModularRealmAuthenticator;

import javax.servlet.Filter;
import java.util.*;

/**
 * @author 30254
 * creadtedate:2018/8/17
 */
@Configuration
public class ShiroConf {

    //权限管理，配置主要是Realm的管理认证
    @Bean
    public SecurityManager securityManager(AdminUserRealm adminUserRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //设置realm.
        securityManager.setAuthenticator(modularRealmAuthenticator());
        List<Realm> realms = new ArrayList<>();
        //添加多个Realm
        realms.add(myRealm());
        realms.add(wechatUserRealm());
        securityManager.setRealms(realms);
        return securityManager;
    }

    @Bean
    public ModularRealmAuthenticator modularRealmAuthenticator(){
        //自己重写的ModularRealmAuthenticator
        UserModularRealmAuthenticator modularRealmAuthenticator = new UserModularRealmAuthenticator();
        modularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
        return modularRealmAuthenticator;
    }

    @Bean
    public AdminUserRealm myRealm() {
        AdminUserRealm adminShiroRealm = new AdminUserRealm();
        return adminShiroRealm;
    }

    @Bean
    public WechatUserRealm wechatUserRealm() {
        WechatUserRealm wechatUserRealm = new WechatUserRealm();
        return wechatUserRealm;
    }

    //Filter工厂，设置对应的过滤条件和跳转条件
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiro = new ShiroFilterFactoryBean();
        shiro.setSecurityManager(securityManager);
        Map<String,String> map = new LinkedHashMap<>();
        map.put("/static/**","anon");
        map.put("/mobile/**","anon");
        map.put("/pc/logout.html","logout");
        map.put("/pc/**.html","anon");
        map.put("/pc/**","authc");
        map.put("/**","anon");
        //登录
        shiro.setLoginUrl("/pc/login.html");
        //首页
        shiro.setSuccessUrl("/pc/main");
        //错误页面，认证不通过跳转
        shiro.setUnauthorizedUrl("/pc/login.html");

        Map<String,Filter> filters = new LinkedHashMap<>();
        LogoutFilter filter = new LogoutFilter();
        filter.setRedirectUrl("/pc/login.html");
        filters.put("logout", filter);
        shiro.setFilters(filters);

        shiro.setFilterChainDefinitionMap(map);
        return shiro;
    }

    //加入注解的使用，不加入这个注解不生效
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}
